[clamav-users] Are Win.Trojan.Shopperz and Win.Trojan.Uztuby-3 false positives?

Al Varnell alvarnell at mac.com
Wed Feb 17 19:30:54 UTC 2016


Then you need to report that as a False Positive by uploading dnsapi.dll to http://www.clamav.net/reports/fp.  If you join the clamav-virusdb list you will be notified when it’s been taken care of.

-Al-

-- 
Al Varnell
ClamXav User

On Feb 17, 2016, at 10:24 AM, JD Ackle <jdalinux at yahoo.com.br> wrote:

> Concerning the Shopperz detection, I got it on a Windows system file ( C:\Windows/System32/dnsapi.dll ) and its full name is: Win.Trojan.Shopperz-381
>
> dnsapi.dll is a Windows system file without which Windows will not connect to the Internet (at least on my WiFi setup).
>
> ClamAV also detected Shopperz-381 on the same file, in a different location (cached?) on the same Windows system: Windows/WinSxS/amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.0_none_22114c18cd7ccd17/dnsapi.dll
>
> The first time I ran ClamAV on these files (first scan = detection) was immediately after installing Windows 10 from a DVD burned with an ISO file downloaded from Microsoft's site. After my first login to that Windows system I rebooted to a Linux Live DVD (NO network connection was made until after booting Linux - which I performed in order to install ClamAV and run freshclam).
>
> VirusTotal thinks it's "probably harmless" but Antiy-AVL agrees with ClamAV that it contains a Trojan:
> https://www.virustotal.com/en/file/b51a82ed2d45855ea9018b6269931ca62f3dc430fd513c7e751fc2cb76014bab/analysis/1455724650/
>
> FYI at least since version 8 of Windows, there is this Microsoft Shop application that enables you to download free/bought software - I'm guessing there might be some code in dnsapi.dll facilitating that feature.